Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ld.so bug - LD_DEBUG_OUTPUT follows symlinks

From: Jakub Vlasek <jv () PILSEDU CZ>
Date: Tue, 26 Sep 2000 02:11:12 +0200
Hi,
   ld.so from glibc2 doesn't unset variables LD_DEBUG_OUTPUT and LD_DEBUG
when running suid. If program calls setuid(0) and then fork(), child
process will follow prepared symlink ($LD_DEBUG_OUTPUT.$pid) and
overwrites any file in system.

Jakub Vlasek
Previous By Date Next
Previous By Thread Next

Current thread: